Redhat6.5+Oracle 11.2 RAC安装完整步骤,包括单独完整DNS建立和SSL互信.docx

oracle RAC集群实施文档一：对主机进行配置，需要在2台主机都进行配置。1：关掉防火墙，关掉SElinuxssh 到redhat 主机03S 和 04S上：root03S # service iptables stopiptables：将链设置为政策 ACCEPT：nat mangle filter 确定iptables：清除防火墙规则：确定iptables：正在卸载模块：确定编辑selinux配置文件修改 为SELINUX=disabledroot 03S # vim /etc/selinux/config # This file controls the state of SELinux on the system.# SELINUX= can take one of these three values:# enforcing - SELinux security policy is enforced.# permissive - SELinux prints warnings instead of enforcing.# disabled - No SELinux policy is loaded.SELINUX=disabled# SELINUXTYPE= can take one of these two values:# targeted - Targeted processes are protected,# mls - Multi Level Security protection.SELINUXTYPE=targeted再次查看linux防火墙与selinux服务root03S named# chkconfig iptables offroot03S named# service iptables stoproot 03S named# service ip6tables stopiptables：将链设置为政策 ACCEPT：filter 确定iptables：清除防火墙规则：确定iptables：正在卸载模块：确定root 03S named# service ip6tables stopip6tables：将 chains 设置为 ACCEPT 策略：filter 确定ip6tables：清除防火墙规则：确定：正在卸载模块：确定root 04S named# chkconfig ip6tables offroot 03S # ip6tables -L root 03S # iptables -L Chain INPUT (policy ACCEPT)target prot opt source destination Chain FORWARD (policy ACCEPT)target prot opt source destination Chain OUTPUT (policy ACCEPT)target prot opt source destination root 03S # getenforceDisabled2：设置hosts文件主机名公网IP私网IP名称VIP名称SCAN IP名称 01S 01S-PRIV 1 01S-VIP RAC-SCAN RAC-SCAN 0RAC-SCAN 02S 02S-PRIV 2 02S-VIP 03S 03S-PRIV 3 03S-VIP 5RAC-SCAN34 6RAC-SCAN34 7RAC-SCAN34 04S 04S-PRIV 4 04S-VIP 01S 01S-PRIV 1 01S-VIP RAC-SCAN3 RAC-SCAN3 0RAC-SCAN3 02S 02S-PRIV 2 02S-VIP 03S 03S-PRIV 3 03S-VIP 5RAC-SCAN4 6RAC-SCAN4 7RAC-SCAN4 04S 04S-PRIV 4 04S-VIProot 04S # vi /etc/hosts localhost localhost.localdomain localhost4 localhost4.localdomain4:1 localhost localhost.localdomain localhost6 localhost6.localdomain6 03S 04S 03S-PRIV 04S-PRIV 3 03S-VIP 4 04S-VIP 5 RAC-SCAN4 6 RAC-SCAN4 7 RAC-SCAN43：配置DNSroot 03S etc# rpm -qa|grep bind samba-winbind-3.6.9-164.el6.x86_64ypbind-1.20.4-30.el6.x86_64bind-9.8.2-0.17.rc1.el6_4.6.x86_64PackageKit-device-rebind-0.5.8-21.el6.x86_64samba-winbind-clients-3.6.9-164.el6.x86_64bind-utils-9.8.2-0.17.rc1.el6_4.6.x86_64rpcbind-0.2.0-11.el6.x86_64bind-libs-9.8.2-0.17.rc1.el6_4.6.x86_64root 03S etc# rpm -qa|grep namebiosdevname-0.5.0-2.el6.x86_64（1）编辑named.conf root 03S etc# vi /etc/named.conf/ named.conf/ Provided by Red Hat bind package to configure the ISC BIND named(8) DNS/ server as a caching only nameserver (as a localhost DNS resolver only)./ See /usr/share/doc/bind*/sample/ for example named configuration files./options listen-on port 53 ; ; listen-on-v6 port 53 :1; ; directory /var/named; dump-file /var/named/data/cache_dump.db; statistics-file /var/named/data/named_stats.txt; memstatistics-file /var/named/data/named_mem_stats.txt; allow-query localhost; ; recursion yes; dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto; /* Path to ISC DLV key */ bindkeys-file /etc/named.iscdlv.key; managed-keys-directory /var/named/dynamic;logging channel default_debug file data/named.run; severity dynamic; ;zone . IN type hint; file named.ca;include /etc/named.rfc1912.zones;include /etc/named.root.key;caldomain. IN type master; file localdomain.zone; allow-update none; ;#添加以下内容zone “localhostdomain.INtype master; file “localdomain.zone” allow-update none ;s;zone 132. 192.168.. IN type master; file 132. 192.168.; allow-update none; ;zone 1.168.192.. IN type master; file 1.168.192.; allow-update none; ;（2）编辑 /var/named下的配置文件 root 04S # vi /var/named/131. 192.168.#添加以下内容$TTL 1H IN SOA localhost.localdomain. localhost.localdomain. ( 2 3H 1H 1W 1H )131. 192.168.. IN NS localhost.localdomain.3 IN PTR 03S.localdomain4 IN PTR 04S.localdomain13 IN PTR 03S-vip.localdomain14 IN PTR 04S-vip.localdomain15 IN PTR RAC-SCAN4.localdomain16 IN PTR RAC-SCAN4.localdomain17 IN PTR RAC-SCAN4.localdomainroot 03S named# vi 1.168.192.RIGIN 1.168.192..$TTL 1H IN SOA localhost.localdomain. localhost.localdomain. ( 2 3H 1H 1W 1H )1.168.192.. IN NS localhost.localdomain.7 IN PTR 03S-PRIV.localdomain8 IN PTR 04S-PRIV.localdomain root 03S named# vi localdomain.zones$TTL 86400 IN SOA localhost root.localhost ( 42 ; serial (d. adams) 3H ; refresh 15M ; retry 1W ; Inpiry 1D ) ; minimum IN NS localhostlocalhost IN A 03S IN A 04S IN A 03S-vip IN A 3 04S-PRIV IN A 03S-PRIV IN A 04S-vip IN A 4RAC-SCAN4 IN A 5RAC-SCAN4 IN A 6RAC-SCAN4 IN A 7（3：）设置开机启动root 03S /# chkconfig named onroot 03S grid# vi /etc/resolv.conf # Generated by NetworkManager# No nameservers found; try putting DNS servers into your# ifcfg files in /etc/sysconfig/network-scripts like so:# DNS1=xxx.xxx.xxx.xxx# DNS2=xxx.xxx.xxx.xxx# DOMAIN= nameserver search localdomain（4：）重启服务root 04S named# service named restart停止 named：.确定启动 named：确定root 03S etc#（5：）测试DNSroot 04S named# nslookup 4：配置多路径配置multipath（1）编辑multipath.confroot 03S etc# vi multipath.conf# This is a basic configuration file with some examples, for device mapper# multipath.# For a complete list of the default configuration values, see# /usr/share/doc/device-mapper-multipath-0.4.9/multipath.conf.defaults# For a list of configuration options with descriptions, see# /usr/share/doc/device-mapper-multipath-0.4.9/multipath.conf.annotated# REMEMBER: After updating multipath.conf, you must run# service multipathd reload# for the changes to take effect in multipathd# By default, devices with vendor = IBM and product = S/390.* are# blacklisted. To enable mulitpathing on these devies, uncomment the# following lines.#blacklist_exceptions # device # vendor IBM# product S/390.*# # Use user friendly names, instead of using WWIDs as names.#defaults # user_friendly_names yes# Here is an example of how to configure some standard options.#添加以下内容，跟你你所使用的存储厂商所提供的，不要抄下面的。或者只改最简单的，百度一下defaults polling_interval 10 max_fds 8192devices device vendor 3PARdata product VV no_path_retry 18 features 0 hardware_handler 0 path_grouping_policy multibus getuid_callout /lib/udev/scsi_id -whitelisted -device=/dev/%n path_selector round-robin 0 rr_weight uniform rr_min_io_rq 1 path_checker tur failback immediate #defaults # udev_dir /dev# polling_interval 10# path_selector round-robin 0# path_grouping_policy multibus# getuid_callout /lib/udev/scsi_id -whitelisted -device=/dev/%n# prio alua# path_checker readsector0# rr_min_io 100# max_fds 8192# rr_weight priorities# failback immediate# no_path_retry fail# user_friendly_names yes# The wwid line in the following blacklist section is shown as an example# of how to blacklist devices by wwid. The 2 devnode lines are the# compiled in default blacklist. If you want to blacklist entire types# of devices, such as all scsi devices, you should use a devnode line.# However, if you want to blacklist specific devices, you should use# a wwid line. Since there is no guarantee that a specific device will# not change names on reboot (from /dev/sda to /dev/sdb for example)# devnode lines are not recommended for blacklisting specific devices.#blacklist # wwid 26353900f02796769# devnode (ram|raw|loop|fd|md|dm-|sr|scd|st)0-9*# devnode hda-z#multipaths # multipath # wwid 3600508b4000156d700012000000b0000# alias yellow# path_grouping_policy multibus# path_checker readsector0# path_selector round-robin 0# failback manual# rr_weight priorities# no_path_retry 5# # multipath # wwid 1DEC_321816758474# alias red# #devices # device # vendor COMPAQ # product HSV110 (C)COMPAQ# path_grouping_policy multibus# getuid_callout /lib/udev/scsi_id -whitelisted -device=/dev/%n# path_checker readsector0# path_selector round-robin 0# hardware_handler 0# failback 15# rr_weight priorities# no_path_retry queue# # device # vendor COMPAQ # product MSA1000 # path_grouping_policy multibus# #blacklist （2）重启服务root 03S etc# service multipathd restartok正在关闭multipathd 端口监控程序：确定正在启动守护进程multipathd：确定将multipathd 加到随系统启动启动root 03S etc#chkconfig multipathd on（3）查看多路径信息 root 03S etc#multipath v2root 03S etc#multipath llroot 03S etc#chkconfig multipathd on五：创建用户和用户组：groupadd -g 501 oinstall groupadd -g 502 dba groupadd -g 503 oper groupadd -g 504 asmadmin groupadd -g 505 asmoper groupadd -g 506 asmdba useradd -g oinstall -G dba,asmdba,oper oracle useradd -g oinstall -G asmadmin,asmdba,asmoper,oper,dba grid（1）为每个用户设置密码 和root口令一样，所有密码为：rootroot123root 03S Packages# passwd oracle更改用户 oracle 的密码 。新的 密码：无效的密码： 它基于字典单词重新输入新的 密码：passwd： 所有的身份验证令牌已经成功更新。root 04S Packages# passwd grid更改用户 grid 的密码 。新的 密码：无效的密码： 它基于字典单词重新输入新的 密码：passwd： 所有的身份验证令牌已经成功更新。（2）更改： limit.conf file is suitable for oracle and grid uservi /etc/security/limits.conf 添加以下内容添加一grid soft nproc 2047 grid hard nproc 16384 grid soft nofile 1024 grid hard nofile 65536oracle soft nproc 2047 oracle hard nproc 16384 oracle soft nofile 1024 oracle hard nofile 65536（3）添加 pam_limit.so moduleroot 03S # vi /etc/pam.d/login添加：session required pam_limits.so（4）编辑/etc/sysctl.conf ，添加以下内容：fs.aio-max-nr = 1048576 fs.file-max = 6815744 #kernel.shmall = 2097152 #kernel.shmmax = 1054504960 kernel.shmmni = 4096 # semaphores: semmsl, semmns, semopm, semmni kernel.sem = 250 32000 100 128 net.ipv4.ip_local_port_range = 9000 65500 net.core.rmem_default=262144 net.core.rmem_max=4194304 net.core.wmem_default=262144net.core.wmem_max=1048586root 03S # sysctl pgrid 04S $ sysctl p（5）配置SSL互信：在rac双机分别执行，oracle和grid2个用户分别进行root 03S # su - oracle oracle 03S $ ssh-keygen -t rsaGenerating public/private rsa key pair.Enter file in which to save the key (/home/oracle/.ssh/id_rsa): /home/oracle/.ssh/id_rsa already exists.Overwrite (y/n)? yEnter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/oracle/.ssh/id_rsa.Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.The key fingerprint is:49:db:45:a7:c1:01:d7:b5:99:df:04:cb:b9:f6:ed:df oracle 03SThe keys randomart image is:+- RSA 2048-+| .o=oo.| o.=.+| . o +.| . + . oo| S . o o| . .| o| .| E|+-+oracle 03S $oracle 03S $ ssh-keygen -t dsaGenerating public/private dsa key pair.Enter file in which to save the key (/home/oracle/.ssh/id_dsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/oracle/.ssh/id_dsa.Your public key has been saved in /home/oracle/.ssh/id_dsa.pub.The key fingerprint is:61:9f:aa:ac:a0:06:ea:5f:75:c2:e8:76:19:ef:b2:85 oracle 03SThe keys randomart image is:+- DSA 1024-+| | | o | o. o . | . =S.o |. . . B. |o . + E.o |.o .o.oo |+.o.o. |+-+oracle 03S $oracle 03S $ ssh-keygen -t rsaGenerating public/private rsa key pair.Enter file in which to save the key (/home/oracle/.ssh/id_rsa): /home/oracle/.ssh/id_rsa already exists.Overwrite (y/n)? yEnter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/oracle/.ssh/id_rsa.Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.The key fingerprint is:c7:1d:12:f1:54:4a:ef:ce:1a:28:9b:cc:d4:c1:5a:be oracle 03SThe keys randomart image is:+- RSA 2048-+| o.o. | = o | . + . | o o o | S * . . | * o o | + + . o | + + . o | = E . |+-+oracle 03S $oracle 03S $ ssh-keygen -t dsaGenerating public/private dsa key pair.Enter file in which to save the key (/home/oracle/.ssh/id_dsa): /home/oracle/.ssh/id_dsa already exists.Overwrite (y/n)? yEnter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/oracle/.ssh/id_dsa.Your public key has been saved in /home/oracle/.ssh/id_dsa.pub.The key fingerprint is:8a:9e:e3:bf:73:1f:4a:94:5a:5e:ac:9b:28:48:1a:d4 oracle 04SThe keys randomart image is:+- DSA 1024-+| | | . | . E o |. S o |. . . * o | + . o + . |. .o.o.+ . | .+. |+-+oracle 03S $ cat /.ssh/id_rsa.pub ./.ssh/authorized_keysoracle 03S $ cat /.ssh/id_dsa.pub /.ssh/authorized_keysoracle 03S $ ssh 04S cat /.ssh/id_rsa.pub /.ssh/authorized_keysoracle 03S $ ssh 04S PRIV dateThe authenticity of host 04s ( ) cant be established.RSA key fingerprint is 34:85:84:dc:a9:e4:53:37:4c:01:42:aa:df:28:63:28.Are you sure you want to continue connecting (yes/no)? yesWarning: Permanently added 04s, (RSA) to the list of known hosts.oracle 04ss password:oracle 04S $ssh 03S cat /.ssh/id_dsa.pub /.ssh/authorized_keysoracle 04S $ ssh 03S PRIV dateoracle 03S $ ssh 04S date2015年 01月 27日 星期二 15:19:41 CST配置成功（6）编辑 用户profile文件：oracle 03S $ vi .bash_profile# .bash_profile# Get the aliases and functionsif -f /.bashrc ; then . /.bashrcfi# User specific environment and startup programsPATH=$PATH:$HOME/binexport PATH#